Skip to content

Instantly share code, notes, and snippets.

@arubdesu
Created February 12, 2015 20:43
Show Gist options
  • Save arubdesu/e03179b8c79cb33070f3 to your computer and use it in GitHub Desktop.
Save arubdesu/e03179b8c79cb33070f3 to your computer and use it in GitHub Desktop.
Symantec DLP postflight
#!/bin/sh
InstallParentPath=/Library/Manufacturer
InstallPath="$InstallParentPath/Endpoint Agent"
PGPBinaryPath="$InstallPath/Frameworks/PGP.framework/PGP"
AgentPlistPath=/Library/LaunchDaemons/com.symantec.manufacturer.agent.plist
cleanup_and_exist_if_failure() {
if [ $1 -ne 0 ]
then
echo "$2, Running cleanup..."
rm -rf "$InstallParentPath"
rm -f $AgentPlistPath
exit $1
fi
}
set_permissions_and_ownership() {
# for Agent daemon launchd plist
/bin/chmod ug=r,o= $AgentPlistPath
cleanup_and_exist_if_failure $? "Unexpected error: could not set the permissions on daemon plist."
/usr/sbin/chown root:wheel $AgentPlistPath
cleanup_and_exist_if_failure $? "Unexpected error: could not set the ownership on daemon plist."
# for Install dir
# set ownership for all directories and files in install dir
/usr/sbin/chown root:wheel $InstallParentPath
cleanup_and_exist_if_failure $? "Unexpected error: could not set the ownership on install path."
# set default permissions for all directories and files in install dir
/bin/chmod -R ugo=r $InstallParentPath
# set rx for all the directories in install dir
/bin/chmod -R ugo=rX $InstallParentPath
cleanup_and_exist_if_failure $? "Unexpected error: could not set the permissions on install path."
/bin/chmod u=rwx,go=rx "$InstallPath"
/bin/chmod u=rx,go= "$PGPBinaryPath"
/bin/chmod u=rx,go= "$InstallPath/edpa"
/bin/chmod ug=rx,o= "$InstallPath/start_agent"
cd "$InstallPath"
/bin/chmod u=rx,go= *.dylib
cd -
# for Verity files
cd "$InstallPath/Verity"
/bin/chmod u=rx,go= *.so *.jnilib kvoop filter tstxtract
/bin/chmod u=r,go= kv.lic *.ini
cd -
}
function install_tools
{
TOOLS_DIR="$PWD/Tools/"
if [ ! -d "$TOOLS_DIR" ]; then
return 0
fi
echo "Installing Tools"
FILES="$PWD/Tools/*"
for f in $FILES
do
name=$(basename "$f")
if [ "$name" == "*" ]; then
break;
fi
if [ -d "$f" ]; then
cp -Rf "$TOOLS_DIR/$name" "$InstallPath/"
chown -R root:wheel "$InstallPath/$name"
chmod -R 550 "$InstallPath/$name"
else
cp -f "$TOOLS_DIR/$name" "$InstallPath/"
chown root:wheel "$InstallPath/$name"
chmod 550 "$InstallPath/$name"
fi
done
echo "Tools Installed"
}
ProductVersion=`defaults read $PWD/Info CFBundleVersion`
# Read existing version for upgrade scenario.
pkgutil --pkg-info-plist $INSTALL_PKG_SESSION_ID > $PWD/pkgInfo.plist
if [ $? -ne 0 ]
then
echo "Installing $ProductVersion ..."
set_permissions_and_ownership
DYLD_LIBRARY_PATH=$PWD ProductVersion=$ProductVersion ./CustomAction
resultCustomAction=$?
cleanup_and_exist_if_failure $resultCustomAction "CustomAction returned with an error."
else
echo "Repairing installation $ProductVersion ..."
# preinstall checks allow only new installation or repair. Not checking here again.
fi
install_tools
launchctl load $AgentPlistPath
cleanup_and_exist_if_failure $? "Unexpected error: could not load the DLP Endpoint Agent"
echo "End of postinstall"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment